found kernel trace when using java


Post by specs » Wed Apr 30, 2008 8:47 am

Hi,
I was looking for a bug that has been nagging since last year.
It happens when I run a Java applet.

When I saw:
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4425] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4425] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4425] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4425] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4425] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4425] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Since no one needs to connect to 127.0.0.6, I enabled iptables:
iptables -t filter -A OUTPUT -d 127.0.0.6 -j LOG
iptables -t filter -A OUTPUT -d 127.0.0.6 -j REJECT

The messages changed to:

ip_tables: (C) 2000-2006 Netfilter Core Team
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4775] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4775] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
------------[ cut here ]------------
kernel BUG at mm/mmap.c:1730!
invalid opcode: 0000 [#1] PREEMPT
Modules linked in: ipt_REJECT ipt_LOG iptable_filter ip_tables x_tables af_packet lp nfs lockd nfs_acl sunrpc ipv6 loop usbhid snd_via82xx snd_ac97_codec ac97_bus snd_mpu401_uart snd_rawmidi snd_pcm_oss snd_pcm snd_page_alloc snd_mixer_oss evdev snd_seq_oss parport_pc parport snd_seq_midi_event snd_seq snd_timer snd_seq_device snd via_rhine mii bitrev soundcore crc32 i2c_viapro i2c_core ehci_hcd uhci_hcd thermal button processor usbcore via_agp unix

Pid: 4753, comm: java Not tainted (2.6.24.5-grsec-200804171953-1 #1)
EIP: 0060:[<000407f6>] EFLAGS: 00010206 CPU: 0
EAX: 00001000 EBX: 00002000 ECX: f4116a14 EDX: f4116bcc
ESI: 08472000 EDI: 00100077 EBP: f4116a14 ESP: f400ff04
DS: 0068 ES: 0068 FS: 0000 GS: 0033 SS: 0068
Process java (pid: 4753, ti=f400e000 task=f72b5aa0 task.ti=f400e000)
Stack: f4116a14 f71f3280 00000001 0003ed23 00000007 08474000 08473000 c09903b4
00000007 08472000 f71f3280 f72b5aa0 00186286 f72b5aa0 f71f3280 f4116a14
f71f3280 00000001 08472000 0000eae8 00000001 55049e48 00003938 55049e48
Call Trace:
[<0003ed23>] <0> [<00186286>] <0> [<0000eae8>] <0> [<00003938>] <0> [<0000e7d0>] <0> [<001877ca>] <0> [<00010212>] <0> =======================
Code: 0b eb fe 8b 51 54 85 d2 74 05 39 4a 54 74 04 0f 0b eb fe 8b 41 48 3b 42 48 74 04 0f 0b eb fe 8b 42 08 29 f3 2b 42 04 39 c3 74 04 <0f> 0b eb fe 8b 41 44 3b 42 44 75 08 8b 41 3c 3b 42 3c 74 15 0f
EIP: [<000407f6>] SS:ESP 0068:f400ff04
---[ end trace 531aca9b5c70aa23 ]---

What I want to do now is first upgrade to grsec-20080421 and see if the problem still occurs with the latest grsecurity patch.
I'll also send this to the Java programmer, since he obviously has some weird code.

It seems like there is an application error in the client which is triggered by grsecurity.
Has anything changed in the iptables modules since 20080417?
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am

Re: found kernel trace when using java

Post by PaX Team » Wed Apr 30, 2008 5:02 pm

specs wrote: kernel BUG at mm/mmap.c:1730!
this indicates a problem in vma mirroring. if it's easy to reproduce, could you run java under strace -f and send me the logs (both that of strace and the kernel, the latter should preferably have KALLSYMS enabled).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: found kernel trace when using java

Post by specs » Thu May 01, 2008 5:36 am

It is not easy to reproduce.

The application programmer suggested upgrading to newer java libraries (1.6 instead of 1.4).
As mentioned above I also replaced the kernel (2.6.24.5-grsec-200804211829-1), but I don't think that will do anything for this problem.

The signals still occur very often. However, they changed from sig4 to sig11:
Apr 30 22:14:28 kernel: grsec: From 127.0.0.6: signal 4 sent to /usr/lib/j2se/1.4/jre/bin/java[java:3871] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 30 22:35:33 kernel: grsec: From 127.0.0.6: signal 11 sent to /usr/lib/j2se/1.4/jre/bin/java[java:4021] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 30 23:04:16 kernel: grsec: From 127.0.0.6: signal 11 sent to /usr/lib/j2se/jre1.6.0_10/bin/java[java:4757] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Still coredump material.
Currently I run java from strace, just to see what it will yield.
Don't expect anything soon.
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am
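
Added example (not part of the original posts, and not grsecurity code): a Python parser for the grsec signal lines and `kernel BUG` markers in the format quoted in this thread, tallying signals per binary and recording which process each oops names. The sample lines, the `/opt/example` path and all function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Linux/x86 names for the two signal numbers that appear in the thread.
SIGNAL_NAMES = {4: "SIGILL", 11: "SIGSEGV"}

# grsec signal log line; the "From <ip>: " part is optional, as in the posts.
SIGNAL_RE = re.compile(
    r"grsec: (?:From (?P<src>\S+): )?signal (?P<sig>\d+) sent to "
    r"(?P<exe>.+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<pexe>.+?)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\]"
)
BUG_RE = re.compile(r"kernel BUG at (?P<file>[\w./-]+):(?P<line>\d+)!")
PROCESS_RE = re.compile(r"Process (?P<comm>\S+) \(pid: (?P<pid>\d+)")

# Constructed sample in the format of the logs quoted in the thread.
SAMPLE_LOG = """\
Apr 30 22:14:28 kernel: grsec: From 127.0.0.6: signal 4 sent to /opt/example/jre/bin/java[java:4101] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Apr 30 22:14:29 kernel: grsec: From 127.0.0.6: signal 4 sent to /opt/example/jre/bin/java[java:4101] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/example/jre/bin/java[java:4102] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
------------[ cut here ]------------
kernel BUG at mm/mmap.c:1725!
invalid opcode: 0000 [#1]
Process java (pid: 4150, ti=f6be4000 task=f6f08000 task.ti=f6be4000)
grsec: signal 11 sent to /opt/example/jre/bin/java[java:4102] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
""".splitlines()


def parse_signal(line):
    """Return the fields of one grsec signal line, or None if it is not one."""
    m = SIGNAL_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sig", "pid", "uid", "euid", "gid", "egid", "ppid"):
        rec[key] = int(rec[key])
    rec["signame"] = SIGNAL_NAMES.get(rec["sig"], "signal %d" % rec["sig"])
    return rec


def triage(lines):
    """Summarise signals per binary and list each kernel BUG with its process."""
    counts = Counter()
    pids = defaultdict(set)
    bugs = []
    for line in lines:
        rec = parse_signal(line)
        if rec:
            counts[(rec["exe"], rec["signame"])] += 1
            pids[rec["exe"]].add(rec["pid"])
            continue
        m = BUG_RE.search(line)
        if m:
            bugs.append({"where": "%s:%s" % (m["file"], m["line"]),
                         "comm": None, "pid": None})
            continue
        # The "Process ..." line of the oops names the task that hit the BUG.
        m = PROCESS_RE.search(line)
        if m and bugs and bugs[-1]["pid"] is None:
            bugs[-1]["comm"] = m["comm"]
            bugs[-1]["pid"] = int(m["pid"])
    signalled = set().union(*pids.values())
    for bug in bugs:
        # Was the task named in the oops one of the tasks grsec logged signals for?
        bug["pid_seen_in_signals"] = bug["pid"] in signalled
    return {"signals": counts, "pids": dict(pids), "bugs": bugs}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (exe, sig), n in sorted(report["signals"].items()):
        print("%-8s x%d  %s" % (sig, n, exe))
    for bug in report["bugs"]:
        print("BUG at %(where)s in %(comm)s pid %(pid)s" % bug)
```
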

Re: found kernel trace when using java

Post by PaX Team » Thu May 01, 2008 7:01 am

specs wrote: The application programmer suggested upgrading to newer java libraries (1.6 instead of 1.4).
actually i'd prefer if you kept 1.4 as that's known to trigger this bug at least (note that at this point all i see is a bug in PaX/vma mirroring, not in java, once that's fixed, we'll see if there's more to it).

specs wrote: Currently I run java from strace, just to see what it will yield.
i forgot to mention but you can filter strace so that the logs are a lot smaller: -e trace=open,old_mmap,mmap2,munmap,mprotect,mremap.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: found kernel trace when using java

Post by wippie » Sun May 25, 2008 11:22 am

I think I ran over this bug too while installing sun-jdk on my gentoo-hardened/grsec boxes.
running:
# java -client -Xshare:dump

results in a freeze and:
------------[ cut here ]------------
kernel BUG at mm/mmap.c:1725!
invalid opcode: 0000 [#8]
Modules linked in: via_rhine via_velocity
CPU: 0
EIP: 0060:[<0005ec43>] Tainted: G D VLI
EFLAGS: 00010282 (2.6.23-hardened-r12-onyx #1)
eax: 00000000 ebx: af73c000 ecx: f2522240 edx: f25222a0
esi: 00006000 edi: 00100077 ebp: f2588780 esp: f251de88
ds: 0068 es: 0068 fs: 0000 gs: 0033 ss: 0068
Process java (pid: 11320, ti=f251c000 task=f25a0550 task.ti=f251c000)
Stack: f2588420 f2522240 4f743000 0005dbdf 4f741000 f2522240 00000000 00000000
00000000 af743000 af742000 00000001 4f742000 f2588780 4f742000 4f743000
00000070 000601c3 4f743000 00000070 00000000 00000000 0004f742 00000000
Call Trace:
[<0005dbdf>] <0> [<000601c3>] <0> [<0004f742>] <0> [<00060641>] <0> [<00025771>] <0> [<000c8f26>] <0> [<00005250>] <0> [<00005250>] <0> [<0000522a>] <0> =======================
Code: 31 cf 81 e7 dd df ef df 75 25 5b 5e 5f c3 8b 71 58 31 c0 85 f6 74 f3 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe <0f> 0b eb fe 0f 0b eb fe 90 8d 74 26 00 83 ec 1c 89 5c 24 0c 89
EIP: [<0005ec43>] SS:ESP 0068:f251de88

..with repeatable: always on two boxes.
I ran a strace with your filter which outputs:
open("/etc/ld.so.cache", O_RDONLY) = 3
mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x5225a000
open("/lib/libncurses.so.5", O_RDONLY) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52259000
mmap2(NULL, 319148, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5220b000
mmap2(0x52250000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x44) = 0x52250000
open("/lib/libdl.so.2", O_RDONLY) = 3
mmap2(NULL, 12344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x52207000
mmap2(0x52209000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x52209000
open("/lib/libc.so.6", O_RDONLY) = 3
mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x520b7000
mmap2(0x52201000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x52201000
mmap2(0x52204000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x52204000
open("/etc/ld.so.cache", O_RDONLY) = 3
mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x5225a000
open("/lib/libncurses.so.5", O_RDONLY) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52259000
mmap2(NULL, 319148, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5220b000
mmap2(0x52250000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x44) = 0x52250000
open("/lib/libdl.so.2", O_RDONLY) = 3
mmap2(NULL, 12344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x52207000
mmap2(0x52209000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x52209000
open("/lib/libc.so.6", O_RDONLY) = 3
mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x520b7000
mmap2(0x52201000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x52201000
mmap2(0x52204000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x52204000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x520b6000
open("/dev/urandom", O_RDONLY) = 3
mprotect(0x52201000, 8192, PROT_READ) = 0
mprotect(0x52209000, 4096, PROT_READ) = 0
mprotect(0x52250000, 32768, PROT_READ) = 0
mprotect(0x1302d000, 4096, PROT_READ) = 0
mprotect(0x5227e000, 4096, PROT_READ) = 0
munmap(0x5225a000, 27404) = 0
open("/dev/tty", O_RDWR|O_NONBLOCK|O_LARGEFILE) = 3
open("/proc/meminfo", O_RDONLY) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x52260000
munmap(0x52260000, 4096) = 0
open("/usr/bin/java", O_RDONLY|O_LARGEFILE) = 3
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
--- SIGCHLD (Child exited) @ 0 (0) ---
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x523cc000
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x523c5000
open("/lib/libpthread.so.0", O_RDONLY) = 3
mmap2(NULL, 94432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x523ad000
mmap2(0x523c1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0x523c1000
mmap2(0x523c3000, 4320, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x523c3000
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libjli.so", O_RDONLY) = 3
mmap2(NULL, 35516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x523a4000
mmap2(0x523ab000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x523ab000
open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)


There's a little more info in the gentoo forums:
http://forums.gentoo.org/viewtopic-p-5103624.html#5103624
wippie
 
Posts: 7
Joined: Sun May 25, 2008 11:05 am

Re: found kernel trace when using java

Post by PaX Team » Sun May 25, 2008 7:09 pm

wippie wrote: I think i ran over this bug too while installing sun-jdk on my gentoo-hardened/grsec boxes.
running:
# java -client -Xshare:dump

results in a freeze and:
hmm, build 1.6.0_06-b02 works fine here at least with this command line. also can you try a newer kernel than 2.6.23 please? i'm not sure everything got backported there...

wippie wrote: Call Trace:
[<0005dbdf>] <0> [<000601c3>] <0> [<0004f742>] <0> [<00060641>] <0> [<00025771>] <0> [<000c8f26>] <0> [<00005250>] <0> [<00005250>] <0> [<0000522a>] <0> =======================
you should enable kernel symbols as suggested on the gentoo forum as well.

wippie wrote: ..with repeatable: always on two boxes.
I ran a strace with your filter which outputs:
you missed -f ;), please try again with that.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
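
Added example (not part of the original posts, and not PaX or strace code): a Python replay of `strace -f` output filtered to the calls suggested above, rebuilding each PID's mappings so that every `mprotect` can be checked for whether it covers a whole mapping or only part of one, which is the case where the kernel has to split a VMA. The sample trace, addresses and function names are constructed; the sketch assumes each traced PID has its own address space, and mappings set up by `execve` never appear in such a trace, so they show up as an empty target list.

```python
import re

PAGE = 4096
# "<pid> call(args) = ret"; the PID prefix is only present with strace -f.
LINE_RE = re.compile(
    r"^(?:(?P<pid>\d+)\s+)?(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\w+)")

# Constructed sample following the library-load pattern seen in the thread.
SAMPLE = """\
100 open("/lib/libc.so.6", O_RDONLY) = 3
100 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40000000
100 mmap2(0x4014a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x4014a000
100 mmap2(0x4014d000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4014d000
100 open("/opt/example/lib/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
100 mprotect(0x4014a000, 8192, PROT_READ) = 0
100 mprotect(0x08050000, 4096, PROT_READ) = 0
101 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x50000000
101 munmap(0x50000000, 4096) = 0
100 --- SIGCHLD (Child exited) @ 0 (0) ---
""".splitlines()


def page_up(n):
    """Round a length up to a whole number of pages, as the kernel does."""
    return (n + PAGE - 1) & ~(PAGE - 1)


def carve(vmas, start, end):
    """Cut [start, end) out of a list of (start, end, prot, name) mappings.

    Returns (kept, cut). Each cut entry carries a flag saying whether its
    mapping extended beyond the range, i.e. whether it had to be split.
    """
    kept, cut = [], []
    for s, e, prot, name in vmas:
        if e <= start or s >= end:
            kept.append((s, e, prot, name))
            continue
        if s < start:
            kept.append((s, start, prot, name))
        if e > end:
            kept.append((end, e, prot, name))
        cut.append((max(s, start), min(e, end), prot, name, s < start or e > end))
    return kept, cut


def replay(lines):
    """Return (mprotect events, final mappings per PID) for a filtered trace."""
    procs, events = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["ret"].startswith("-"):
            continue  # signal notes, unrelated lines, failed calls
        pid = int(m["pid"] or 0)
        st = procs.setdefault(pid, {"fds": {}, "vmas": []})
        call, args = m["call"], m["args"].split(", ")
        if call == "open":
            # close() is not traced, so the latest open of an fd number wins.
            st["fds"][int(m["ret"])] = args[0].strip('"')
        elif call in ("mmap2", "old_mmap"):
            start = int(m["ret"], 16)
            end = start + page_up(int(args[1]))
            if "MAP_ANONYMOUS" in args[3]:
                name = "anon"
            else:
                name = st["fds"].get(int(args[4]), "fd " + args[4])
            kept, _ = carve(st["vmas"], start, end)  # MAP_FIXED replaces overlaps
            st["vmas"] = sorted(kept + [(start, end, args[2], name)])
        elif call == "munmap":
            start = int(args[0], 16)
            st["vmas"], _ = carve(st["vmas"], start, start + page_up(int(args[1])))
        elif call == "mprotect":
            start = int(args[0], 16)
            end = start + page_up(int(args[1]))
            kept, cut = carve(st["vmas"], start, end)
            st["vmas"] = sorted(kept + [(s, e, args[2], n) for s, e, _, n, _ in cut])
            events.append({"pid": pid, "start": start, "end": end, "prot": args[2],
                           "targets": [(n, p, split) for _, _, p, n, split in cut]})
    return events, {pid: st["vmas"] for pid, st in procs.items()}


if __name__ == "__main__":
    for ev in replay(SAMPLE)[0]:
        print("%(pid)d mprotect %(start)#x-%(end)#x -> %(prot)s %(targets)s" % ev)
```
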

Re: found kernel trace when using java

Post by specs » Mon May 26, 2008 1:51 pm

Would you mind posting some hardware details?
I was assuming from my problems that it was either an x86-32 problem or a specific VIA C3 (Nehemiah) problem.

I did notice the VIA Rhine module in your message, which is also standard on the Epia M10000 where my problem occurred.

I don't use my other PCs much with java, so I haven't been able to compare.
specs
 
Posts: 190
Joined: Sun Mar 26, 2006 7:00 am

Re: found kernel trace when using java

Post by wippie » Tue May 27, 2008 1:04 pm

It's the Via Epia EN10000, C7 (Esther) x86-32, NX.. The C7 is a full i686 and everything but java seems to work just fine. I can post a lspci output if you want :)

The kernel bug from dmesg again, this time with kernel symbols but still the gentoo hardened-2.6.23-r12 kernel.
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
... (I get tons of these, guess there's more than one problem here.)
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5609] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5764] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
------------[ cut here ]------------
kernel BUG at mm/mmap.c:1725!
invalid opcode: 0000 [#1]
Modules linked in: via_rhine via_velocity
CPU: 0
EIP: 0060:[<00060323>] Not tainted VLI
EFLAGS: 00010286 (2.6.23-hardened-r12-onyx #2)
EIP is at pax_find_mirror_vma+0x93/0xa0
eax: 00000000 ebx: ab9ca000 ecx: f6460600 edx: f6460660
esi: 00006000 edi: 00100077 ebp: f643ab40 esp: f6be5e50
ds: 0068 es: 0068 fs: 0000 gs: 0033 ss: 0068
Process java (pid: 5884, ti=f6be4000 task=f6f08000 task.ti=f6be4000)
Stack: f6b71720 f6460600 4b9d1000 0005f2bf 0005efe4 4b9d0000 00000000 00000000
00000000 ab9d1000 ab9d0000 00000001 4b9d0000 f643ab40 4b9d0000 4b9d1000
00000070 000618a3 4b9d1000 00000070 00000000 00000000 0004b9d0 00000000
Call Trace:
[<0005f2bf>] vma_merge+0x8f/0x380
[<0005efe4>] vma_adjust+0x1f4/0x330
[<000618a3>] mprotect_fixup+0xc3/0x330
[<0004b9d0>] audit_socketcall+0x40/0x90
[<00061d21>] sys_mprotect+0x211/0x2d0
[<00100071>] blkcipher_walk_next+0x271/0x310
[<00100077>] blkcipher_walk_next+0x277/0x310
[<00061d73>] sys_mprotect+0x263/0x2d0
[<00100077>] blkcipher_walk_next+0x277/0x310
[<00056994>] shrink_page_list+0x2b4/0x470
[<00005250>] restore_all+0x0/0x18
[<0000522a>] syscall_call+0x7/0xb
=======================
Code: 31 cf 81 e7 dd df ef df 75 25 5b 5e 5f c3 8b 71 58 31 c0 85 f6 74 f3 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe <0f> 0b eb fe 0f 0b eb fe 90 8d 74 26 00 83 ec 1c 89 5c 24 0c 89
EIP: [<00060323>] pax_find_mirror_vma+0x93/0xa0 SS:ESP 0068:f6be5e50
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
grsec: signal 11 sent to /opt/sun-jdk-1.6.0.05/bin/java[java:5612] uid/euid:1003/1003 gid/egid:1009/1009, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

And the strace again, same kernel. Output from:
strace -f -e trace=open,old_mmap,mmap2,munmap,mprotect,mremap -o javastrace.txt java -client -Xshare:dump

javastrace.txt:
22750 open("/etc/ld.so.cache", O_RDONLY) = 3
22750 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x5543a000
22750 open("/lib/libncurses.so.5", O_RDONLY) = 3
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55439000
22750 mmap2(NULL, 319148, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x553eb000
22750 mmap2(0x55430000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x44) = 0x55430000
22750 open("/lib/libdl.so.2", O_RDONLY) = 3
22750 mmap2(NULL, 12344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x553e7000
22750 mmap2(0x553e9000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x553e9000
22750 open("/lib/libc.so.6", O_RDONLY) = 3
22750 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x55297000
22750 mmap2(0x553e1000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x553e1000
22750 mmap2(0x553e4000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x553e4000
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55296000
22750 open("/dev/urandom", O_RDONLY) = 3
22750 mprotect(0x553e1000, 8192, PROT_READ) = 0
22750 mprotect(0x553e9000, 4096, PROT_READ) = 0
22750 mprotect(0x55430000, 32768, PROT_READ) = 0
22750 mprotect(0x14c8b000, 4096, PROT_READ) = 0
22750 mprotect(0x5545e000, 4096, PROT_READ) = 0
22750 munmap(0x5543a000, 27404) = 0
22750 open("/dev/tty", O_RDWR|O_NONBLOCK|O_LARGEFILE) = 3
22750 open("/proc/meminfo", O_RDONLY) = 3
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55440000
22750 munmap(0x55440000, 4096) = 0
22750 open("/usr/bin/java", O_RDONLY|O_LARGEFILE) = 3
22751 open("/etc/ld.so.cache", O_RDONLY) = 3
22751 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x507d3000
22751 open("/lib/libc.so.6", O_RDONLY) = 3
22751 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x507d2000
22751 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x50682000
22751 mmap2(0x507cc000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x507cc000
22751 mmap2(0x507cf000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x507cf000
22751 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x50681000
22751 open("/dev/urandom", O_RDONLY) = 3
22751 mprotect(0x507cc000, 8192, PROT_READ) = 0
22751 mprotect(0x15edb000, 4096, PROT_READ) = 0
22751 mprotect(0x507f7000, 4096, PROT_READ) = 0
22751 munmap(0x507d3000, 27404) = 0
22751 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x507d9000
22751 munmap(0x507d9000, 4096) = 0
22750 --- SIGCHLD (Child exited) @ 0 (0) ---
22752 open("/etc/ld.so.cache", O_RDONLY) = 3
22752 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4a0f4000
22752 open("/lib/libc.so.6", O_RDONLY) = 3
22752 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4a0f3000
22752 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x49fa3000
22752 mmap2(0x4a0ed000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x4a0ed000
22752 mmap2(0x4a0f0000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4a0f0000
22752 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x49fa2000
22752 open("/dev/urandom", O_RDONLY) = 3
22752 mprotect(0x4a0ed000, 8192, PROT_READ) = 0
22752 mprotect(0x129d0000, 4096, PROT_READ) = 0
22752 mprotect(0x4a118000, 4096, PROT_READ) = 0
22752 munmap(0x4a0f4000, 27404) = 0
22752 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4a0fa000
22752 munmap(0x4a0fa000, 4096) = 0
22750 --- SIGCHLD (Child exited) @ 0 (0) ---
22753 open("/etc/ld.so.cache", O_RDONLY) = 3
22753 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x505f1000
22753 open("/lib/libc.so.6", O_RDONLY) = 3
22753 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x505f0000
22753 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x504a0000
22753 mmap2(0x505ea000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x505ea000
22753 mmap2(0x505ed000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x505ed000
22753 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x5049f000
22753 open("/dev/urandom", O_RDONLY) = 3
22753 mprotect(0x505ea000, 8192, PROT_READ) = 0
22753 mprotect(0x15351000, 4096, PROT_READ) = 0
22753 mprotect(0x50615000, 4096, PROT_READ) = 0
22753 munmap(0x505f1000, 27404) = 0
22753 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x505f7000
22753 munmap(0x505f7000, 4096) = 0
22750 --- SIGCHLD (Child exited) @ 0 (0) ---
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4c953000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/etc/ld.so.cache", O_RDONLY) = 3
22750 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4c94c000
22750 open("/lib/libpthread.so.0", O_RDONLY) = 3
22750 mmap2(NULL, 94432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4c934000
22750 mmap2(0x4c948000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0x4c948000
22750 mmap2(0x4c94a000, 4320, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4c94a000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libjli.so", O_RDONLY) = 3
22750 mmap2(NULL, 35516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4c92b000
22750 mmap2(0x4c932000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x4c932000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/lib/libdl.so.2", O_RDONLY) = 3
22750 mmap2(NULL, 12344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4c927000
22750 mmap2(0x4c929000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x4c929000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/lib/libc.so.6", O_RDONLY) = 3
22750 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4c7d7000
22750 mmap2(0x4c921000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x4c921000
22750 mmap2(0x4c924000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4c924000
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4c7d6000
22750 open("/dev/urandom", O_RDONLY) = 3
22750 mprotect(0x4c921000, 8192, PROT_READ) = 0
22750 mprotect(0x4c929000, 4096, PROT_READ) = 0
22750 mprotect(0x4c948000, 4096, PROT_READ) = 0
22750 mprotect(0x4c971000, 4096, PROT_READ) = 0
22750 munmap(0x4c94c000, 27404) = 0
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/jvm.cfg", O_RDONLY) = 3
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4c952000
22750 munmap(0x4c952000, 4096) = 0
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb08000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../lib/i386/jli/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/tls/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/tls/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/tls/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/i686/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/i686/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/sse2/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/../lib/i386/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/etc/ld.so.cache", O_RDONLY) = 3
22750 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4fb01000
22750 open("/lib/libpthread.so.0", O_RDONLY) = 3
22750 mmap2(NULL, 94432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fae9000
22750 mmap2(0x4fafd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0x4fafd000
22750 mmap2(0x4faff000, 4320, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4faff000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libjli.so", O_RDONLY) = 3
22750 mmap2(NULL, 35516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fae0000
22750 mmap2(0x4fae7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x4fae7000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/lib/libdl.so.2", O_RDONLY) = 3
22750 mmap2(NULL, 12344, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4fadc000
22750 mmap2(0x4fade000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x4fade000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/lib/libc.so.6", O_RDONLY) = 3
22750 mmap2(NULL, 1374480, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f98c000
22750 mmap2(0x4fad6000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14a) = 0x4fad6000
22750 mmap2(0x4fad9000, 10512, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4fad9000
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4f98b000
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4f98a000
22750 open("/dev/urandom", O_RDONLY) = 3
22750 mprotect(0x4fad6000, 8192, PROT_READ) = 0
22750 mprotect(0x4fade000, 4096, PROT_READ) = 0
22750 mprotect(0x4fafd000, 4096, PROT_READ) = 0
22750 mprotect(0x4fb26000, 4096, PROT_READ) = 0
22750 munmap(0x4fb01000, 27404) = 0
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/jvm.cfg", O_RDONLY) = 3
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb07000
22750 munmap(0x4fb07000, 4096) = 0
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libjvm.so", O_RDONLY) = 3
22750 mmap2(0x6000000, 8730580, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f136000
22750 mmap2(0x4f550000, 106496, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x41a) = 0x4f550000
22750 mmap2(0x4f56a000, 4323284, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4f56a000
22750 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
22750 open("/etc/ld.so.cache", O_RDONLY) = 3
22750 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4fb01000
22750 open("/lib/libm.so.6", O_RDONLY) = 3
22750 mmap2(NULL, 159824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f10e000
22750 mmap2(0x4f134000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25) = 0x4f134000
22750 mprotect(0x4f134000, 4096, PROT_READ) = 0
22750 mprotect(0x4f136000, 4300800, PROT_READ|PROT_WRITE) = 0
22750 mprotect(0x4f136000, 4300800, PROT_READ|PROT_EXEC) = 0
22750 munmap(0x4fb01000, 27404) = 0
22750 mmap2(NULL, 331776, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4f0bd000
22750 mprotect(0x4f0bd000, 4096, PROT_NONE) = 0
22754 open("/proc/stat", O_RDONLY) = 3
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb07000
22754 munmap(0x4fb07000, 4096) = 0
22754 open("/proc/22754", O_RDONLY) = 3
22754 open("/proc/meminfo", O_RDONLY) = 3
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb07000
22754 munmap(0x4fb07000, 4096) = 0
22754 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/etc/ld.so.cache", O_RDONLY) = 3
22754 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4fb01000
22754 open("/lib/librt.so.1", O_RDONLY) = 3
22754 mmap2(NULL, 33100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f0b4000
22754 mmap2(0x4f0bb000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x4f0bb000
22754 mprotect(0x4f0bb000, 4096, PROT_READ) = 0
22754 munmap(0x4fb01000, 27404) = 0
22754 open(".hotspotrc", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/endorsed", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = -1 ENOENT (No such file or directory)
22754 mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb07000
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb06000
22754 open("/proc/self/maps", O_RDONLY) = 3
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb05000
22754 munmap(0x4fb05000, 4096) = 0
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/libhpi.so", O_RDONLY) = 3
22754 mmap2(NULL, 27104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f0ad000
22754 mmap2(0x4f0b3000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x4f0b3000
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/tls/i686/sse2/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/tls/i686/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/tls/sse2/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/tls/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/i686/sse2/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/i686/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/sse2/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/native_threads/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/etc/ld.so.cache", O_RDONLY) = 3
22754 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4f0a6000
22754 open("/lib/libnsl.so.1", O_RDONLY) = 3
22754 mmap2(NULL, 108104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f08b000
22754 mmap2(0x4f0a2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16) = 0x4f0a2000
22754 mmap2(0x4f0a4000, 5704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4f0a4000
22754 mprotect(0x4f0a2000, 4096, PROT_READ) = 0
22754 munmap(0x4f0a6000, 27404) = 0
22754 open("/etc/nsswitch.conf", O_RDONLY) = 3
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb05000
22754 munmap(0x4fb05000, 4096) = 0
22754 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/etc/ld.so.cache", O_RDONLY) = 3
22754 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4f0a6000
22754 open("/lib/libnss_compat.so.2", O_RDONLY) = 3
22754 mmap2(NULL, 41380, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f080000
22754 mmap2(0x4f089000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x4f089000
22754 mprotect(0x4f089000, 4096, PROT_READ) = 0
22754 munmap(0x4f0a6000, 27404) = 0
22754 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libnss_nis.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libnss_nis.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libnss_nis.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/etc/ld.so.cache", O_RDONLY) = 3
22754 mmap2(NULL, 27404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4f0a6000
22754 open("/lib/libnss_nis.so.2", O_RDONLY) = 3
22754 mmap2(NULL, 41348, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f075000
22754 mmap2(0x4f07e000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x4f07e000
22754 open("/opt/sun-jdk-1.6.0.05/bin/../jre/lib/i386/jli/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/client/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 open("/lib/libnss_files.so.2", O_RDONLY) = 3
22754 mmap2(NULL, 41448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f06a000
22754 mmap2(0x4f073000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9) = 0x4f073000
22754 mprotect(0x4f073000, 4096, PROT_READ) = 0
22754 mprotect(0x4f07e000, 4096, PROT_READ) = 0
22754 munmap(0x4f0a6000, 27404) = 0
22754 open("/etc/passwd", O_RDONLY) = 3
22754 mmap2(NULL, 1479, PROT_READ, MAP_SHARED, 3, 0) = 0x4fb05000
22754 munmap(0x4fb05000, 1479) = 0
22754 open("/tmp/hsperfdata_root", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = -1 ENOENT (No such file or directory)
22754 open("/tmp/hsperfdata_root/22750", O_RDWR|O_CREAT|O_TRUNC, 0600) = 3
22754 mmap2(NULL, 32768, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x4f062000
22754 mmap2(0x4f0bd000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4f0bd000
22754 mprotect(0x4f0bd000, 12288, PROT_NONE) = 0
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libverify.so", O_RDONLY) = 3
22754 mmap2(NULL, 47444, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f056000
22754 mmap2(0x4f061000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb) = 0x4f061000
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libjava.so", O_RDONLY) = 3
22754 mmap2(NULL, 150088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f031000
22754 mmap2(0x4f054000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23) = 0x4f054000
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/i386/libzip.so", O_RDONLY) = 3
22754 mmap2(NULL, 68448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4f020000
22754 mmap2(0x4f02f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe) = 0x4f02f000
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/meta-index", O_RDONLY) = 3
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb05000
22754 munmap(0x4fb05000, 4096) = 0
22754 mmap2(NULL, 33554432, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x4d020000
22754 mmap2(0x4d020000, 163840, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4d020000
22754 mmap2(NULL, 524288, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x4cfa0000
22754 mmap2(0x4cfa0000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4cfa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x48fa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x44fa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x40fa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x3cfa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x38fa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x34fa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x30fa0000
22754 mmap2(NULL, 67108864, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2cfa0000
22754 mmap2(NULL, 163577856, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x233a0000
22754 mmap2(NULL, 307200, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x23355000
22754 mmap2(0x2339f000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2339f000
22754 mmap2(0x233a0000, 1048576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x233a0000
22754 mmap2(0x23355000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23355000
22754 mmap2(0x23880000, 4194304, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23880000
22754 mmap2(NULL, 122880, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x23337000
22754 mmap2(0x23337000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23337000
22754 mmap2(0x23357000, 12288, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23357000
22754 mmap2(0x273a0000, 12582912, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x273a0000
22754 mmap2(NULL, 135168, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x23316000
22754 mmap2(0x23316000, 28672, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23316000
22754 mmap2(0x23375000, 24576, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23375000
22754 mmap2(0x2b3a0000, 8388608, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2b3a0000
22754 mmap2(0x2bba0000, 12582912, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2bba0000
22754 mmap2(0x2c7a0000, 4194304, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2c7a0000
22754 mmap2(0x2cba0000, 4194304, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2cba0000
22754 mmap2(NULL, 20480, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x4fb01000
22754 mmap2(0x4fb01000, 20480, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4fb01000
22754 mmap2(NULL, 28672, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x4f0a6000
22754 mmap2(0x4f0a6000, 28672, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4f0a6000
22754 mmap2(0x23395000, 40960, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x23395000
22754 mmap2(0x4d048000, 32768, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4d048000
22754 open("/proc/meminfo", O_RDONLY) = 3
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x23315000
22754 munmap(0x23315000, 4096) = 0
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/rt.jar", O_RDONLY|O_LARGEFILE) = 3
22754 mmap2(NULL, 1611490, PROT_READ, MAP_SHARED, 3, 0x2ded) = 0x2318c000
22754 mmap2(NULL, 204800, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2315a000
22754 mmap2(0x4d050000, 32768, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4d050000
22754 open(".hotspot_compiler", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 mmap2(NULL, 528384, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x230d9000
22754 mprotect(0x230d9000, 4096, PROT_NONE) = 0
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/classlist", O_RDONLY) = 4
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x230d8000
22754 open("/opt/sun-jdk-1.6.0.05/jre/lib/charsets.jar", O_RDONLY|O_LARGEFILE) = 5
22754 mmap2(NULL, 54899, PROT_READ, MAP_SHARED, 5, 0x656) = 0x230ca000
22754 mmap2(0x27fa0000, 262144, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x27fa0000
22754 mmap2(0x2337b000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2337b000
22754 mmap2(0x27fe0000, 262144, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x27fe0000
22754 mmap2(0x28020000, 262144, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28020000
22754 mmap2(0x28060000, 262144, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28060000
22755 mprotect(0x4fb06000, 4096, PROT_READ) = 0
22755 mprotect(0x4fb06000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
22755 mprotect(0x4fb07000, 4096, PROT_NONE
Note here: the last line was actually cut.

stdout, can be useful if you try to reproduce it on your own machines.
Loading classes to share ... done.
Rewriting and unlinking classes ... done.
Calculating hash values for String objects .. done.
-- freeze --

There's a lot of "No such file or directory", but besides that I know too little about debugging to read all this. One day perhaps..

Will try with the gentoo hardened-sources-2.6.24-r2 now. More to come..
wippie
 
Posts: 7
Joined: Sun May 25, 2008 11:05 am

Re: found kernel trace when using java

Postby wippie » Thu May 29, 2008 6:02 pm

It's been a busy week for me.. anyway:
Just tried the 2.6.24 kernel, latest version in the gentoo portage, and it seems to be the same problem there.
java: sun-jdk-1.6.0.05
dmesg:
------------[ cut here ]------------
kernel BUG at mm/mmap.c:1731!
invalid opcode: 0000 [#1]
Modules linked in: via_rhine via_velocity

Pid: 5522, comm: java Not tainted (2.6.24-hardened-r2 #1)
EIP: 0060:[<00065c74>] EFLAGS: 00010286 CPU: 0
EIP is at pax_find_mirror_vma+0xa4/0xb0
EAX: 00000000 EBX: aea63000 ECX: f651e6c0 EDX: f651e720
ESI: 00006000 EDI: 00100077 EBP: f64c2d20 ESP: f64c9e38
DS: 0068 ES: 0068 FS: 0000 GS: 0033 SS: 0068
Process java (pid: 5522, ti=f64c8000 task=f6462ff0 task.ti=f64c8000)
Stack: f6513de0 f651e6c0 4ea6a000 00064b7f 00066f16 00000000 00000000 00000000
00000000 aea6a000 aea69000 00000001 4ea69000 f64c2d20 4ea69000 4ea6a000
00000070 000671b3 4ea6a000 00000070 00000000 00000000 0004ea69 00000000
Call Trace:
[<00064b7f>] vma_merge+0x8f/0x3d0
[<00066f16>] change_pte_range+0x26/0xd0
[<000671b3>] mprotect_fixup+0xc3/0x320
[<0004ea69>] audit_core_dumps+0x19/0xe0
[<0006761a>] sys_mprotect+0x20a/0x2c0
[<00067663>] sys_mprotect+0x253/0x2c0
[<00100077>] sys_shmctl+0x5c7/0x870
[<001313f5>] __copy_to_user_ll+0x5/0x10
[<00131472>] copy_to_user+0x32/0x50
[<00026611>] sys_gettimeofday+0x21/0x60
[<00004b45>] setup_rt_frame+0x75/0x2f0
[<0000522a>] syscall_call+0x7/0xb
=======================
Code: df ef df 75 2a 5b 5e 5f c3 8b 71 58 31 c0 85 f6 74 f3 0f 0b eb fe 90 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe 0f 0b eb fe <0f> 0b eb fe 0f 0b eb fe 8d 74 26 00 83 ec 1c 89 5c 24 0c 89 d3
EIP: [<00065c74>] pax_find_mirror_vma+0xa4/0xb0 SS:ESP 0068:f64c9e38
---[ end trace bff9dbc27e652c61 ]---

Any ideas how to proceed?
wippie
 
Posts: 7
Joined: Sun May 25, 2008 11:05 am

Re: found kernel trace when using java

Postby PaX Team » Thu May 29, 2008 8:59 pm

wippie wrote: Any ideas how to proceed?
thanks for the info, i extracted the failing mmap/mprotect sequence but i can't make it BUG on either .24 or .25. can you try to test the PaX patches alone as well?

edit: ok, managed to reproduce it, silly me ;), i'm working on it now.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
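The strace log posted above can be reduced to the mapping calls that touch a single page, including the final line that was cut when the machine froze. This is an added example, not part of the original thread and not PaX Team's own tooling; the function names are hypothetical, and it assumes every pid in the log is a thread sharing one address space.

```python
import re

PAGE = 4096

# Excerpt copied from the strace log quoted in this thread; the last line
# is truncated exactly as it is in the post.
SAMPLE = """\
22750 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb07000
22750 munmap(0x4fb07000, 4096) = 0
22754 open(".hotspotrc", O_RDONLY) = -1 ENOENT (No such file or directory)
22754 mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb07000
22754 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4fb06000
22755 mprotect(0x4fb06000, 4096, PROT_READ) = 0
22755 mprotect(0x4fb06000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
22755 mprotect(0x4fb07000, 4096, PROT_NONE
"""

CALL_RE = re.compile(r"^(\d+)\s+(mmap2|mprotect|munmap)\((.*)$")
RESULT_RE = re.compile(r"\)\s*=\s*(\S+)")


def parse_line(line):
    """Return a dict for one mapping syscall, or None for any other line."""
    m = CALL_RE.match(line.strip())
    if not m:
        return None
    pid, call, rest = int(m.group(1)), m.group(2), m.group(3)
    done = RESULT_RE.search(rest)       # absent when the line was cut
    result = done.group(1) if done else None
    if result == "-1":                  # failed call: address space unchanged
        return None
    args = [a.strip() for a in (rest[:done.start()] if done else rest).split(",")]
    try:
        length = int(args[1])
        if call == "mmap2":
            if result is None:
                return None             # cut before the kernel reported an address
            start = int(result, 16)     # trust the returned address, not the hint
        else:
            start = int(args[0], 16)
    except (IndexError, ValueError):
        return None                     # cut too early to know the range
    end = start + (length + PAGE - 1) // PAGE * PAGE   # kernel works in whole pages
    prot = args[2] if call != "munmap" and len(args) > 2 else None
    return {"pid": pid, "call": call, "start": start, "end": end,
            "prot": prot, "complete": done is not None}


def page_history(lines, page_addr):
    """Mapping calls, in log order, whose range covers page_addr.

    Assumption: all pids are threads of one process (shared address space).
    """
    events = (parse_line(line) for line in lines)
    return [ev for ev in events if ev and ev["start"] <= page_addr < ev["end"]]


def replay(history):
    """Protection of the page after every completed call (None = unmapped)."""
    prot = None
    for ev in history:
        if ev["complete"]:
            prot = None if ev["call"] == "munmap" else ev["prot"]
    return prot


def pending(history):
    """Calls that were logged on entry but never returned."""
    return [ev for ev in history if not ev["complete"]]


if __name__ == "__main__":
    for page in (0x4fb06000, 0x4fb07000):
        hist = page_history(SAMPLE.splitlines(), page)
        print(hex(page), "state:", replay(hist),
              "pending:", [(e["call"], e["prot"]) for e in pending(hist)])
```

On the excerpt this shows the page at 0x4fb07000 mapped PROT_READ with an mprotect to PROT_NONE still pending, next to a neighbouring page that had just been made read/write/execute.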

Re: found kernel trace when using java

Postby wippie » Fri May 30, 2008 4:26 pm

edit: ok, managed to reproduce it, silly me , i'm working on it now.

then it was not gentoo specific but a bug in grsecurity/pax?
wippie
 
Posts: 7
Joined: Sun May 25, 2008 11:05 am

Re: found kernel trace when using java

Postby PaX Team » Fri May 30, 2008 7:04 pm

wippie wrote:
edit: ok, managed to reproduce it, silly me , i'm working on it now.

then it was not gentoo specific but a bug in grsecurity/pax?
that's what i said in the first two comments, didn't i? ;)
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: found kernel trace when using java

Postby PaX Team » Sun Jun 01, 2008 8:23 pm

latest test patches (both .24 and .25) should fix the bug, can you guys test them as well?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: found kernel trace when using java

Postby wippie » Tue Jun 03, 2008 5:51 pm

At first i tried to combine the test patches with gentoo's hardened patches for 2.6.24 kernel.. didn't go very smoothly and decided to leave that to the gentoo hardened team.
Tried the test patch grsecurity-2.1.12-2.6.25.4-200806012125.patch with a vanilla 2.6.25.4 and the bug seems to be fixed.
# java -client -Xshare:dump
Loading classes to share ... done.
Rewriting and unlinking classes ... done.
Calculating hash values for String objects .. done.
Calculating fingerprints ... done.
Removing unshareable information ... done.
Moving pre-ordered read-only objects to shared space at 0x2dcb0000 ... done.
Moving read-only objects to shared space at 0x2e0cc300 ... done.
Moving common symbols to shared space at 0x2e0cdc78 ... done.
Moving remaining symbols to shared space at 0x2e195c70 ... done.
Moving string char arrays to shared space at 0x2e1968e0 ... done.
Moving additional symbols to shared space at 0x2e22d1b8 ... done.
Read-only space ends at 0x2e2934a0, 6173856 bytes.
Moving pre-ordered read-write objects to shared space at 0x2e4b0000 ... done.
Moving read-write objects to shared space at 0x2eb271c8 ... done.
Moving String objects to shared space at 0x2eb64748 ... done.
Read-write space ends at 0x2eba8668, 7308904 bytes.
Updating references to shared objects ... done.
#


just to show that pax is enabled:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: blackhat
Linux viaesther 2.6.25 #1 Tue Jun 3 20:24:00 CEST 2008 i686 VIA Esther processor 1000MHz CentaurHauls GNU/Linux

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Killed
Anonymous mapping randomisation test : 17 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 23 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (ET_DYN) : 15 bits (guessed)
Shared library randomisation test : 17 bits (guessed)
Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (strcpy, RANDEXEC) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed


Great job people and thank you for a quick patching!!
wippie
 
Posts: 7
Joined: Sun May 25, 2008 11:05 am

Re: found kernel trace when using java

Postby PaX Team » Tue Jun 03, 2008 7:00 pm

wippie wrote:Linux viaesther 2.6.25 #1 Tue Jun 3 20:24:00 CEST 2008 i686 VIA Esther processor 1000MHz CentaurHauls GNU/Linux
btw guys, i think your CPUs support the hw NX bit, why don't you use PAGEEXEC/NX/PAE instead of SEGMEXEC? ok, it'd have taken more time for someone to run into this bug ;), but you're really better off with using your CPU's capabilities.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
